System and method for distributing digital rights management digital content in a controlled network ensuring digital rights

ABSTRACT

A system and method for managing digital rights includes receiving a Universal Resource Identifier (URI). The URI is used to identify a location for a user selected digital media item. The digital media item is to be played in a local area network (LAN). The selected digital media item is retrieved from a content server over a network connection. If the selected digital media item is encrypted, a license to decrypt the selected media item is obtained. Access to the license is based on a plurality of access rules, which are based on the terms of the license. The plurality of access rules may also include personal owner rules. If a request for the license adheres to the access rules, the license is received via a secure out of band transfer and the selected digital media item is decrypted for playback via one or more media rendering devices.

RELATED APPLICATION

This application is a divisional application of U.S. application Ser.No. 10/616,614, entitled “SYSTEM AND METHOD FOR DISTRIBUTING DIGITALRIGHTS MANAGEMENT DIGITAL CONTENT IN A CONTROLLED NETWORK ENSURINGDIGITAL RIGHTS,” which was filed on Jul. 9, 2003.

FIELD OF THE INVENTION

The present invention is generally related to the field of digitalrights management. More particularly, the present invention is relatedto a system and method for distributing digital content in a controllednetwork ensuring digital rights.

DESCRIPTION

In the last few years, the use of digital media of all types, such asdigital audio and video, has grown in popularity. As more and more usersenjoy access to digital content, the risk to content providers of losingsales to content piracy increases. In fact, many content providersrefrain from providing media content over the Internet because of piracyconcerns. Digital Rights Management (DRM) technology protects the rightsof content owners and enforces the proper use of the content byconsumers. These rights, in the form of digital information, must bedistributed and enforced by media rendering devices in a networkenvironment.

In a typical home network, a user may have digital content stored on theuser's PC (personal computer). The user may also have other devices inthe home that are capable of playing digital media, such as, forexample, portable MP3 players, boom boxes, home theater systems, etc.The digital content stored on the PC may be rights-managed content. Inmany instances, the user may want to play the rights-managed digitalcontent on any of the rendering devices in the home.

Rights-managed content typically contains meta information to informmedia renderers of which license to acquire and where the license may beacquired. The meta information may include a keyID. The keyID is aunique identifier for the license. The meta information may also includea licenseURI. The licenseURI is a reference to a license server that themedia renderer is to use to acquire the license to play the content.

The media renderer obtains a license to play the digital content from alicense server using the reference keyID. Once a client acquires thelicense, a cryptographic key contained in the license is used to decryptand render the media.

Today, the license for the digital content is managed at a device leveland not at a user level. In order to play the rights-managed content onother rendering devices, the user must obtain a license for a particulardevice and the license is downloaded for that particular device. Thus,the file for that license can only be played on the device in which thelicense was obtained. In other words, the user is not licensed to playthe file on any device in the home although the user is willing to payfor the license. This is a major impediment when there are manyrendering devices in the home, such as, but not limited to, home A/V(audio/video) equipment, PCs, MP3 players, digital video recorders, etc.The user may have content stored, perhaps on the PC, but may also wantto play the content on another device within the home. Today's digitalrights management licensing technology does not support this scenario.

Thus, what is needed is a system and method for enabling a licensed userto distribute digital content on more than one device within the home ina secure manner. What is further needed is a local license server formanaging the distribution of licenses in the home to enable variousdevices within the home to request and receive a license to playrights-managed content.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated herein and form partof the specification, illustrate embodiments of the present inventionand, together with the description, further serve to explain theprinciples of the invention and to enable a person skilled in thepertinent art(s) to make and use the invention. In the drawings, likereference numbers generally indicate identical, functionally similar,and/or structurally similar elements. The drawing in which an elementfirst appears is indicated by the leftmost digit(s) in the correspondingreference number.

FIG. 1 is a block diagram illustrating an exemplary system architecturefor distributing DRM digital content in a controlled network ensuringdigital rights according to an embodiment of the present invention.

FIG. 2 is a flow diagram describing an exemplary method for distributingDRM digital content in a controlled network ensuring digital rightsaccording to an embodiment of the present invention.

FIG. 3 is a flow diagram describing an exemplary method for obtaining alicense for a digital media item according to an embodiment of thepresent invention.

FIG. 4 is a flow diagram describing an exemplary method for enabling amedia renderer to acquire a license from a local license server toenable playback of digital media on a media rendering device.

DETAILED DESCRIPTION

While the present invention is described herein with reference toillustrative embodiments for particular applications, it should beunderstood that the invention is not limited thereto. Those skilled inthe relevant art(s) with access to the teachings provided herein willrecognize additional modifications, applications, and embodiments withinthe scope thereof and additional fields in which embodiments of thepresent invention would be of significant utility.

Reference in the specification to “one embodiment”, “an embodiment” or“another embodiment” of the present invention means that a particularfeature, structure or characteristic described in connection with theembodiment is included in at least one embodiment of the presentinvention. Thus, the appearances of the phrase “in one embodiment”appearing in various places throughout the specification are notnecessarily all referring to the same embodiment.

Embodiments of the present invention are directed to a system and methodfor distributing digital rights management (DRM) digital content in acontrolled network ensuring digital rights. This is accomplished byemploying a local license server. In one embodiment, the local licenseserver may be implemented within a home media server. In otherembodiments, the local license server may be implemented anywhere in thecontrolled network. The local license server provides programmaticinterfaces to acquire and distribute licenses to any rendering device ona home network. A media rendering device on the home network may requestand receive a license to play rights-managed digital content. Otherdevices on the home network may also request and receive licenses toplay the same rights-managed digital content. This eliminates the needto obtain a license for a particular rendering device. The local licenseserver maintains and enforces the terms of the license agreement. All ofthis is accomplished with very little user intervention.

FIG. 1 is a block diagram illustrating an exemplary system architecture100 for distributing digital rights management (DRM) digital content ina controlled network ensuring digital rights. System architecture 100comprises a home network 102 and a wide area network (WAN), such as theInternet 116. Home network 102 is coupled to Internet 116. Home network102 may be coupled to Internet 116 using dial-in connections, high-speedcable, digital subscriber lines (DSL), or any other well-known manner.

Home network 102 is a local area network (LAN) that connects computers,audio/video players, televisions, personal digital assistants (PDAs),etc. using a wired or wireless medium, such as, for example, Ethernet orBluetooth (or any other wireless protocol based on the IEEE 802.11standard, IEEE Standards for Information Technology—Telecommunicationsand Information Exchange Between Systems, ISO/IEC 8802-11 (1999)),respectively. Home network 102 comprises a home media server 104, amedia renderer 108, a plurality of media rendering devices, such as, forexample, a media player or sound device 110, a TV or other media displaydevice 112, and a personal computer (PC) 122, and a control point 114.Media player or sound device 110 may include, but is not limited to, acompact disk (CD) player, a MPEG-audio layer 3 (MP3) player, WindowsMedia Audio (WMA) player, etc. Other media display devices may include,but are not limited to, digital versatile disc (DVD) players, videodigital recorders (VDRs), home theater systems, etc.

Home media server 104 is a server located in the home that containsreferences to encrypted DRM media. In one embodiment, home media server104 contains an enumeration of all of the media items, including aUniversal Resource Identifier (URI) of each media item (i.e., where themedia may be located) and the type of each media item, such as, forexample, music, movies, video games, etc. In another embodiment, homemedia server 104 may also contain the actual media itself. Applications,such as, but not limited to, browser applications, on home network 102may be used to browse home media server 104. In one embodiment, homemedia server 104 may include a local license server 106 co-locatedwithin home media server 104. In an alternative embodiment, locallicense server 106 may be located outside of home media server 104, yetco-located with home media server 104.

Local license server 106 is a license server that manages digital mediarights in home network 102. Local license server provides programmaticinterfaces to acquire, manage, and distribute licenses to any renderingdevices on home network 102. Local license server 106 will be discussedin more detail below.

Media renderer 108 is a device that can play digital media or aid inplaying digital media available from a wide-area network (WAN), such asInternet 116. In one embodiment, media renderer 108 may be a set-topbox. In another embodiment, media renderer 108 may be a media center. Inone embodiment, media renderer 108 may be a UPnP™ device, thus enablingmedia rendering devices 110 and 112 to also be UPnP™ devices.

Media renderer 108 is capable of recognizing media, and can retrieve thekeyID and the licenseURI from encrypted media content prior todecrypting. As previously stated, the keyID is a unique identifier for alicense and the licenseURI is a reference to a license server that mediarenderer 108 may use to acquire a license to play the desired digitalcontent.

Control point 114 is a wireless device similar to a remote control, PDA,or any other device that aids in controlling components within a homenetwork, such as home network 102. Control point 114 sends and receivescontrol actions and responses to operate various devices on home network102, such as, but not limited to, home media server 104, local licenseserver 106, and media renderer 108, and provides information forobtaining media licenses. Internet 116 may comprise, inter alia, one ormore content servers, such as content server 120, and one or morelicense servers, such as license server 118. Content server 120 is anInternet-based server for storing encrypted media created by variouscontent providers. The encrypted media stored on content server 120 maybe retrieved by clients over Internet 116. In one embodiment, contentserver 120 may be a Web server that stores and provides rights-managedcontent to clients. In another embodiment, content server 120 may be amedia server for storing and streaming digital media. In yet anotherembodiment, content server 120 may store and stream digital media,including rights-managed digital content to clients.

License server 118 is an Internet-based server for storing and managinglicenses for any form of media. A pointer to license server 118 isreferred to as the licenseURI. The licenses in license server 118 areindexed. The keyID identifies a particular license in license server118.

Embodiments of the present invention use local license server 106 toprovide key functionalities for enabling the distribution of licenses tomedia rendering devices, such as media rendering devices 110, 112, and122, within home network 102. For example, local license server 106retrieves the keyID and licenseURI of the desired license from controlpoint 114 and provides a means to acquire the license from licenseserver 118. Local license server 106 provides a secure method todistribute the acquired license inside the home network by making surethat the license is not being infringed. This is accomplished bymanaging rules underlying the license from license servers, such aslicense server 118. Local license server 106 also provides an interfaceto manage and share the digital rights management digital content.

FIG. 2 is an exemplary flow diagram 200 describing a method fordistributing DRM digital content in a controlled network ensuringdigital rights according to an embodiment of the present invention. Theinvention is not limited to the embodiment described herein with respectto flow diagram 200. Rather, it will be apparent to persons skilled inthe relevant art(s) after reading the teachings provided herein thatother functional flow diagrams are within the scope of the invention.The process is described from the perspective of control point 114. Theprocess begins with block 202, where the process immediately proceeds toblock 204.

In block 204, control point 114 enables a user to browse home mediaserver 104 to select a media item to be played. When the media selectionhas been made, control point 114 receives a URI from home media server104 for the media item selected by a user. The URI indicates aparticular digital media item that the user desires to be played on oneor more of media renderer devices 110, 112, and/or 122 in home network102.

In block 206, control point 114 sends a request to media renderer 108 toretrieve and play the selected digital media item. The request includesthe URI for the particular digital media item. Once media renderer 108retrieves the desired digital media item and determines that the mediaitem requires a license to be played (which is indicated as an event tocontrol point 114), control point 114 will receive the keyID andlicenseURI for the digital media item from media renderer 108 in block208.

In block 210, control point 114 checks local license server 106 to seeif the license identified by the keyID and licenseURI is available atlocal license server 106.

In decision block 212, it is determined whether the license is availablefrom local license server 106. If the license is not available fromlocal license server 106, control point 114 will send a message to locallicense server 106 to retrieve the license from a license server (block214). Local license server 106 will retrieve the license using the keyIDand licenseURI from the license server designated by the licenseURI,such as license server 118. The process employed by local license server106 to retrieve the license is described in detail below with referenceto FIG. 3. The process then proceeds to decision block 216.

In decision block 216, it is determined whether local license server 106has retrieved the license from license server 118. If local licenseserver 106 has not retrieved the license, the process remains at block216 to wait until local license server 106 has retrieved the license. Ifa predetermined time has passed without control point 114 receiving anindication that local license server 106 has received the license, theprocess will timeout. If local license server 106 has retrieved thelicense, control point 114 will receive an indication from local licenseserver 106 that the license has arrived and the process will proceed toblock 218.

Returning to decision block 212, if it is determined that the license isavailable at local license server 106, the process proceeds to block218.

In block 218, control point 114 retrieves a location URI of the licensefrom local license server 106. The location URI is the location of thelicense at local license server 106. The location URI is then sent tomedia renderer 108 to enable media renderer 108 to acquire the license,based on the rules or terms of the license, from local license server106 and decrypt the media content to enable play of the selected mediaitem on the appropriate media device(s) (block 220). The process forenabling media renderer 108 to acquire the license, based on the rulesof the license, is described below with reference to FIG. 4.

FIG. 3 is an exemplary flow diagram 300 describing a method forobtaining a license for a digital media item according to an embodimentof the present invention. The invention is not limited to the embodimentdescribed herein with respect to flow diagram 300. Rather, it will beapparent to persons skilled in the relevant art(s) after reading theteachings provided herein that other functional flow diagrams are withinthe scope of the invention. The process begins with block 302, where theprocess immediately proceeds to block 304.

In block 304, local license server 106 establishes a secure connectionto control point 114 to obtain all necessary user credentials foracquiring a new license. In one embodiment, a secure sockets layer (SSL)protocol is used to establish a secure connection. One skilled in therelevant art(s) would know that other secure protocols may also be usedas well. The necessary user credentials may include, but are not limitedto, user name and address, credit card number, expiration date of thecredit card, the terms of the new license sought to be obtained, etc.The terms of the new license may include, but are not limited to, thenumber of times the media item may be played, the number of devices themedia item may be played on at one time, when the license expires, etc.After the secure connection is established, local license server 106retrieves the necessary user information from control point 114 in block306.

In block 308, local license server 106 identifies a license server usingthe licenseURI and establishes a secure connection to the license serveron Internet 116.

In block 310, local license server 106 sends license server 118 therequired information to obtain the new license. The required informationincludes the keyID and the necessary user information received fromcontrol point 114.

In block 312, the local license server acquires the new license usingthe keyID. The new license includes the terms or rules of the licensethat must be adhered to by local license server 106 in maintaining andenforcing the license. After acquiring the new license, local licenseserver 106 informs control point 114 that the new license is nowavailable (block 314).

FIG. 4 is an exemplary flow diagram 400 further describing a method forenabling a media renderer to acquire a license from a local licenseserver to enable play of a digital media item on a media device. Theinvention is not limited to the embodiment described herein with respectto flow diagram 400. Rather, it will be apparent to persons skilled inthe relevant art(s) after reading the teachings provided herein thatother functional flow diagrams are within the scope of the invention.The process begins with block 402, where the process immediatelyproceeds to block 404.

In block 404, media renderer 108 receives a URI from control point 114for the user selected digital media item to be retrieved. Using the URI,media renderer 108 retrieves the digital media item from a contentserver, such as content server 120, in block 406. In one embodiment, asimple Hypertext Transfer Protocol (HTTP) GET request may be used toretrieve the selected digital media item. One skilled in the relevantart(s) would know that other protocols may also be used.

The media item may be encrypted. If the media item is encrypted, alicense must be obtained to enable media renderer 108 to play theselected media item. As previously indicated, the licenseURI and keyID,which are not encrypted, but are included in the encrypted digital mediaitem, may be obtained by media renderer 108 to determine the location ofthe license. When media renderer 108 determines that the media item isencrypted, media renderer 108 obtains the keyID and licenseURI from theretrieved media item and sends them to control point 114 (block 408). Aspreviously indicated, the keyID and licenseURI are used by local licenseserver 106 to retrieve the license. The process then proceeds todecision block 410.

In decision block 410, it is determined whether control point 114 hasindicated that the license is available from the local license server.If control point 114 has not sent an indication that the license isavailable from local license server 106, then media renderer 108 willsend a message to local license server 106 via control point 114 toobtain the license from a license server, such as license server 118,using the licenseURI and keyID (block 412). In one embodiment, mediarenderer 108 may send the message directly to local license server 106to obtain the license from the license server. The process then returnsto decision block 410 to see if control point 114 has indicated that thelicense is available at local license server 106.

In decision block 410, if control point 114 has provided an indicationthat the license is available from local license server 106, theindication will include a location URI. The location URI provides thelocation of the license within local license server 106. The processthen proceeds to block 414.

In block 414, media renderer 108 establishes a secure connection tolocal license server 106. Using the location URI, media renderer 108requests that the license be sent from local license server 106 toenable the decryption of the user's selected media item in block 418.Note that the license contains a key that enables media renderer 108 todecrypt the media content.

Before local license server 106 may send the requested license, locallicense server 106 must validate license access rules to determinewhether the license may be transferred to media renderer 108. Licenseaccess rules include the terms of the license. For example, if thelicense was obtained for enabling play of the media item five (5) timesand the media item has already been played 5 times, local license server106 will adhere to the access rules of the license and will deny thelicense to media renderer 108. This requires local license server 106 tomanage the license by tracking the usage of the license. In anotherexample, if the license requires that the media be played on a maximumof two devices, local license server 106 must ensure that media renderer108 will not play the media on more than two media rendering devicesbefore transferring the license to media renderer 108. Thus, embodimentsof the present invention allow other media devices within the homenetwork to also play the media content if the terms of the licensepurchased by the user allow for multiple devices to be used. Therefore,embodiments of the present invention do not limit the playback of mediacontent to one device on the home network, but allow multiple devices toplay the media content at the same time.

In one embodiment, license access rules may include owner rules forplaying media licenses. Owner rules are personal rules that areintegrated into the license access rules to be used by local licenseserver 106 in managing a license. Owner rules may include, but are notlimited to, an indication of who can play the selected digital media, anindication of when the selected digital media can be played, and anindication as to the number of times the digital media can be played bycertain individuals. For example, a parent may purchase a license toplay a video game for his/her children, but the parent only wants thechildren to play the game on weekends. The parent may stipulate a ruleto local license server 106 that when the game is requested by his/herchildren, that the license be transferred to media renderer 108 only onweekends. In this instance, local license server may only provide thelicense on a Saturday or Sunday.

In decision block 416, it is determined whether the license is valid.Again, this process is performed by local license server 106 asindicated above. If the license is valid, control passes to block 418.

In block 418, the license is sent to media renderer 108 via a secure outof band license transfer. The key from the license is then used by mediarenderer 108 to decrypt the media content.

In block 420, play of the digital media item is then enabled on thedesired media device(s). Once the digital media item has been played,the digital media item is no longer located at media renderer 108.

Returning to decision block 416, if local license server 106 determinesthe indicated use of the license to be invalid, the license is not sentto media renderer 108. Therefore, the digital media item cannot bedecrypted, and the process proceeds to block 422, where the processends.

Certain aspects of embodiments of the present invention may beimplemented using hardware, software, or a combination thereof and maybe implemented in one or more computer systems or other processingsystems. In fact, in one embodiment, the methods may be implemented inprograms executing on programmable machines such as mobile or stationarycomputers, personal digital assistants (PDAs), set top boxes, cellulartelephones and pagers, and other electronic devices that each include aprocessor, a storage medium readable by the processor (includingvolatile and non-volatile memory and/or storage elements), at least oneinput device, and one or more output devices. Program code is applied tothe data entered using the input device to perform the functionsdescribed and to generate output information. The output information maybe applied to one or more output devices. One of ordinary skill in theart may appreciate that embodiments of the invention may be practicedwith various computer system configurations, including multiprocessorsystems, minicomputers, mainframe computers, and the like. Embodimentsof the present invention may also be practiced in distributed computingenvironments where tasks may be performed by remote processing devicesthat are linked through a communications network.

Each program may be implemented in a high level procedural or objectoriented programming language to communicate with a processing system.However, programs may be implemented in assembly or machine language, ifdesired. In any case, the language may be compiled or interpreted.

Program instructions may be used to cause a general-purpose orspecial-purpose processing system that is programmed with theinstructions to perform the methods described herein. Alternatively, themethods may be performed by specific hardware components that containhardwired logic for performing the methods, or by any combination ofprogrammed computer components and custom hardware components. Themethods described herein may be provided as a computer program productthat may include a machine readable medium having stored thereoninstructions that may be used to program a processing system or otherelectronic device to perform the methods. The term “machine readablemedium” or “machine accessible medium” used herein shall include anymedium that is capable of storing or encoding a sequence of instructionsfor execution by the machine and that causes the machine to perform anyone of the methods described herein. The terms “machine readable medium”and “machine accessible medium” shall accordingly include, but not belimited to, solid-state memories, optical and magnetic disks, and acarrier wave that encodes a data signal. Furthermore, it is common inthe art to speak of software, in one form or another (e.g., program,procedure, process, application, module, logic, and so on) as taking anaction or causing a result. Such expressions are merely a shorthand wayof stating the execution of the software by a processing system to causethe processor to perform an action or produce a result.

While various embodiments of the present invention have been describedabove, it should be understood that they have been presented by way ofexample only, and not limitation. It will be understood by those skilledin the art that various changes in form and details may be made thereinwithout departing from the spirit and scope of the invention as definedin the appended claims. Thus, the breadth and scope of the presentinvention should not be limited by any of the above-described exemplaryembodiments, but should be defined in accordance with the followingclaims and their equivalents.

1. A system for managing digital rights media, comprising: a homenetwork coupled to a wide area network, the home network including ahome media server, the home media server containing references toencrypted digital media items, the home media server including a locallicense server, the local license server including a plurality oflicenses for the encrypted digital media items, wherein the locallicense server manages distribution of the plurality of licenses basedon key identification and distribution access rules for each of thelicenses; and a media renderer, coupled to the home media server, toretrieve, decrypt and play the encrypted digital media items, whereinthe media renderer retrieves the encrypted digital media items from thewide area network and wherein the encrypted digital media items aredecrypted using a key supplied by the licenses for the encrypted digitalmedia items.
 2. The system of claim 1, wherein the home network furthercomprises: one or more media rendering devices coupled to the mediarenderer to enable playback of the encrypted digital media items to auser; and a controller, wirelessly coupled to each of the home mediaserver, the media renderer, and the media rendering devices to controlthe home network.
 3. The system of claim 2, wherein the one or moremedia rendering devices comprises at least one of a compact disk (CD)player, a MPEG-audio layer 3 (MP3) player, a Windows Media Audio (WMA)player, a digital versatile disc (DVD) player, a television (TV), avideo digital recorder (VDR), and a home theater system.
 4. The systemof claim 2, wherein the media renderer to distribute the encrypteddigital media items to the one or more media rendering devices.
 5. Thesystem of claim 2, wherein the media renderer further to extractunencrypted meta data from the encrypted digital media itemscorresponding to the licenses, the unencrypted meta data including a keyidentifier and a license Universal Resource Identifier (URI) for each ofthe plurality of licenses, the key identifier identifies a particularlicense and the license URI identifies where the particular license canbe found.
 6. The system of claim 5, wherein the media renderer to sendthe key identifier and the license URI for the particular license to thecontroller, the controller further to determine whether the particularlicense is available from the local license server.
 7. The system ofclaim 6, wherein the local license server further to: (i) retrieve theparticular license from a license server on the wide area network usingthe key identifier and the license URI in response to the controllerdetermining that the particular license is not available from the locallicense server; and (ii) send the particular license retrieved to themedia renderer.
 8. The system of claim 6, wherein the local licenseserver further to send the particular license to the media renderer inresponse to the controller determining that the particular license isavailable from the local license server.
 9. The system of claim 1,wherein the licenses for the encrypted digital media items not locatedwithin the local license server are retrieved from a license server onthe wide area network using the local license server.
 10. The system ofclaim 1, wherein the local license server manages the distribution ofeach of the licenses by not releasing a license corresponding to anencrypted digital media item if a request for the license does notadhere to the access rules for the license, wherein the access rules forthe license are based on terms of the license.
 11. The system of claim10, wherein the access rules include at least one of a number of timesthe encrypted digital media item is to be played, a number of mediarendering devices the encrypted digital media item may be played on atone time, an expiration of the license, and a length of time a user mayplay the encrypted digital media item.
 12. The system of claim 1,wherein the access rules are based on terms of the licenses and personalowner rules regarding playing the encrypted digital media items, whereinthe personal owner rules regarding playing an encrypted digital mediaitem include at least one of an indication of who can play the encrypteddigital media item, an indication of when the encrypted digital mediaitem can be played, and an indication as to the number of times theencrypted digital media item can be played by certain individuals.